Create an alternate secure route for a third-party encryption service

As a Google Workspace admin, you can modify routing behavior for email messages that require secure transport. Use the Alternate secure route setting to specify a secure fallback route. If you use a third-party encryption service, you can use this setting to route non-secure traffic to your encryption service. 

Important: Before you specify a fallback mail route with the Alternate secure route setting, you must first add one or more mail routes to the Hosts setting. When you add mail routes, be sure to add a host that supports the level of TLS delivery that you require for your email.

Create an alternate secure route for your domain

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in

  2. In the Admin console, go to Menu ""and then"" Appsand thenGoogle Workspaceand thenGmailand thenRouting.
  3. On the left, select the top-level organization.
  4. Scroll to the Alternate secure route setting and click Edit Edit.
  5. Check the Use an alternate route when secure transport is required box.
  6. Under the box, select the alternate route from the list.
    • All messages requiring secure transport to hosts that don't use TLS are sent over the selected route.
    • To add a route as an option in the list, add the mail route with the Hosts setting.
  7. Click Save

Changes can take up to 24 hours but typically happen more quickly. Learn more

To track changes, go to the Admin audit log.

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Clear search
Close search
Google apps
Main menu
Search Help Center